Money is not a resource, it is a placeholder. I am talking about rare earth magnets, complex metals, and special carbon compounds. LiPo batteries are not made of money, you know...

Because a project patching bugs daily (that only a hand full of users are actually applying) is rated as more secure then a well tested and stable project that is not finding bugs and releasing patches...

The Star Trek economy only works with no scarcity. And while there is a surplus of labor, there is NOT a surplus or resources or energy. And energy is the big one here, as everyone keeps telling us. Sure there is solar, and wind, but they run up against some rather hard resource limitations. (Especially plastics which depend on oil...)

"I know you have this tool that works perfectly well for what you are doing, but you should remove it now, and use my new and bloated tool instead..."

Seems to be the current "best practice" and I hate it.

NTP is actually quite solid. But pool.ntp.org could use some love. It can't work without servers...

If it works, why change it? The SmallWall project was immune to all of the SSL bugs in the last year because we use an old version that does not have these new and buggy features... Of course, this rating system would ding us for that... :)

I agree that it is a very good idea. But the execution leaves a lot to be desired.

Their rating system actually encourages this. If you have tight controls on commits, like perhaps 1 or two people who review code and actually make the commits, you are "at risk." So go ahead and give that NSA guy commit access...

Because it is what they use. Porting has a non-zero cost as well.

No, they have a lit of project that rate in their arbitrary definition of "risk." Have a nice and stable project that is not on the feature of the week train? High risk, because there are not enough updates. How about a hidden development svn, with a public mirror that makes all contributions look like they come from one person? Oh, that is very high risk... By their metrics, "Hello World" is the riskiest program on the planet.

Did you read how the derived it? Patches mean less risk (for some bizarre reason) and systemd patches hourly!

What would you call Linux with a toolbar? Unity?

At some point, someone has to make the decision. It is simply too important to be left to a comity. Design by comity leads to a real mess...

Yet somehow you could not type one name here...

He is open source. He can not die. He will just fork. :)

Delete stuff from the Internet... Hmmm... Sounds like a wonderful idea. How?

Actually it is a terrible idea, even if it could work, because looking at how the code progressed is how you learn. Not to mention that I can patch and old version to fix the vulnerability, but not have to move to the new and incompatible version.